Tried to find a contact addy - LinkedIn says I have to upgrade the account to do so, and MyBlogLogs doesn't have the feature - and MySpace keeps crashing.

As with RC, hard to tell if a hack or linkbait. :)

To be honest, not seen a hack redirect to another site like this. I mean, Wordpress?? Seen a lot of hacked sites, and they usually leave the calling card on the front of the domain - "freedom for Palestine" and all that sort of jazz.

when I saw "Hello World From FuckingPirate!" in my RSS Reader. And I thought that a few of the sites on the list (such as Matt Cutts and the Hacker site) were on there to throw off that big stink of LinkBait that is coming from that site. But I could be wrong.... ;)

Added: I guess the bigger problem then is that LinkBait seems to desensitize the reader after a while, to the point where everything seems like LinkBait including a legitimate hacking...

Countless. On the criminal level... never and hopefully this isn't the first time. Though "How I broke the law for links, Confessions of a LinkWhore" or "Beg, Borrow, Steal and Hack your way to Links" have a nice LinkBaity ring to them.

BTW: Andy, you and NickW set the high-water mark for linkbait, aka: you ruined it for everyone else :)

Serious question for shoemoney - How far do you go to exploit "gray areas" for ringtones?

I would love to know who has been playing around and ranking pages from a sub directory on my site. I am not talking about page #3 in Google, I am talking about the top positions for MANY phrases related to ringtones and viagra. Someone was using the weakness in Wordpress to make some BIG $ and doing VERY well in Google. Glad I removed the directory in time, bet there are thousands of other sites out there that are not aware of the SEO/hacker connection but maybe that is how it is played today? Can someone enlighten me?

Thanks for clarifying Shoe, you might want to also be aware that whoever hacked my site was also targeting your interview with comment spam related to ringtones, hehe strange but true. :-)

Storyspinner - The SEO hacking dude says that anyone who is a "self proclaimed SEO guru" is fair game. I have to admit that I get a kick out of that, cuz some of us could learn to be a little more humble. ;o)

It smells of attention getting, linkbaiting, whatever you want to call it. But interesting nonetheless. It most likely is someone on the list, but there are notables not on it as well. So it could be someone very close to one of those self proclaiming seo king personas.

Ironically enough - I was sitting in "Mustang Sally's" in NYC with Michael - when after a nice lunch chat before our im-ny.org meeting, I had several mails on my phone that had the subject of "hacked?" (while reading my pda - I thought to myself "this can't be good", chuckled, and proceeded to "Mustang Harry's") - thank you to all the folks who bothered to mail me. No thanks to the folks who thought it was linkbait (are we really that fickle that you think I'd lie to people for links to my BLOG?), and to the schmuck who decided to publicly display my security flaw (as usual the cobbler's kids have no shoes).

Should hopefully have a report by morning, and a restored site - currently on the train back to Albany after a wonderfully pleasant evening with a great group of New Yorkers, and nearby fellow SEM folks.

The blogsphere (God I hate that word) is filled with countless "SEO blogs" syndicating what other "SEO blog" syndicated from another "SEO blog" that syndicated some bullshit guru

It's wrong what he did and I'm sorry for the targets, but he does make a good point about the many, many so-called SEO blogs out there that are nothing more than linking to Matt Cutts with a sentence like, "Matt Cutts discusses supplemental results", or even worse pointing to an SEO blog that points to Matt's blog.

jetboy, it's more than a register_globals thing. The flaw is in the PHP core, having to do with an assumption about data types. It has been fixed in the current versions of 4 and 5.

The flaw creates a problem for some PHP routines, including unset(). The register_globals issue was "solved" by some software coders (including the phpBB and Wordpress teams) by using unset() to clear variables that might be untrustworthy due to register_globals being left on. That way the app wouldn't care if register_globals was on or not. BUT... the flaw is potentially a problem for all PHP code, not just web masters who have register_globals on.

Wordpress and phpBB are early targets for which working exploits were published within a week or so of the revelation by the Hardened-PHP team that this flaw existed and could be exploited. The flaw in PHP left opportunities, and the coding within the apps created exploit possibilities. Each app potentially creates a different, unique opportunity for an exploit to work. You don't need to have register_globals on to be vulnerable. You just need to have PHP < 4.whatever or PHP 5 < 5.whatever.

Graywolf and Todd didn't have to have insecure setups to be hacked like this. They could have been hacked because they were using an older (but not old) version of PHP, and they were using Wordpress < 2.0.7. Like most everybody else.

What can really bake your noodle is thinking about your vulnerability as a user of the Wordpress platform. If a flaw is discovered, you are vulnerable and can't do a thing about it, as hackers target one of the largest communities in web world (Wordpress sites). BUT... wordpress dev Mark Jaquith posted an update within hours of first notice, and a full upgrade was released shortly after even though the Wordpress dev team is pushing out a new version with a deadline of the 22nd.

If you were on a custom platform, how long before you knew how the PHP flaw was a factor based on how your app was coded, and then how long before your coders could fix the problem and provide a patch? I bet you count that in weeks at best. So how do you manage the risk... exposure via platform footprint vs. time to detect and fix? If you were a target (as these guys were) then exposure was a given, and time to fix was the key. Better to be using Wordpress.

So if you use Wordpress, go to Manage/Backup and email yourself a backup. Then go donate to the Wordpress cause, or buy something on Mark Jaquith's Amazon wish list. That's just my opinion, but I think it's better than rationalizing why you were and are not at risk.
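As an added illustration of the register_globals cleanup pattern the comment above describes (example code, not from the thread and not WordPress's or phpBB's own code; function names are hypothetical), a cleanup routine paired with a check that verifies the unset() calls actually took effect rather than assuming they did:

```php
<?php
// Added example (not from the thread or from WordPress); function names are
// hypothetical. Shows the register_globals cleanup pattern plus a self-check.

// Unset every global that shares its name with a request parameter, so code
// reading $foo cannot be fed $foo via ?foo=... when register_globals is on.
function unregister_request_globals(array $request): array
{
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    $removed = array();
    foreach (array_keys($request) as $name) {
        $name = (string) $name;
        if (in_array($name, $protected, true)) {
            continue; // never unset a superglobal itself
        }
        if (array_key_exists($name, $GLOBALS)) {
            unset($GLOBALS[$name]);
            $removed[] = $name;
        }
    }
    return $removed;
}

// Defensive check: the thread's point is that unset() itself was affected by
// a PHP-core defect, so an app relying on it should confirm the result rather
// than assume it. Returns the request keys still present as globals.
function verify_globals_cleared(array $request): array
{
    $leaked = array();
    foreach (array_keys($request) as $name) {
        if (array_key_exists((string) $name, $GLOBALS)) {
            $leaked[] = (string) $name;
        }
    }
    return $leaked;
}

// Constructed demo: simulate what register_globals=On would have imported.
$_REQUEST = array('user_level' => '10', 'page' => '1');
$GLOBALS['user_level'] = $_REQUEST['user_level'];
$GLOBALS['page'] = $_REQUEST['page'];

unregister_request_globals($_REQUEST);
$leaked = verify_globals_cleared($_REQUEST);
if ($leaked !== array()) {
    // Fail closed instead of running with request-influenced globals.
    header('HTTP/1.1 500 Internal Server Error');
    exit('register_globals cleanup failed for: ' . implode(', ', $leaked));
}
```

The longer-term fix the thread points toward is the one the PHP releases mentioned above delivered: upgrade PHP and WordPress, and do not let application code depend on register_globals at all.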

Have to give kudos to Mark Jaquith, though -- for a quick fix that didn't require zillions of WordPress users to ask their web hosts what version of PHP was on their servers, and then possibly demanding that it be upgraded.

Would you even be a target if you were using a "custom platform"? The hack requires you to know the variable names you are using in your code, so you'd need access to the source to make it worth bothering attacking a custom installation.

Obscurity is no security, but consider this: If you had found a generic exploitable flaw in PHP, would you a) spend 10 hours attacking a single custom site or b) spend 1 hour attacking a few thousand WordPress sites?

Remove his links and his site name from your blogs and forget about him...

Added:
Hey WilliamC, are you promoting this guy? Why put up the site name? It would have been just as good to say his site was back up at another URL, and you would not have been promoting this feeble minded moron.

Let's let this die the death it should. I only wish that it had actually been linkbait as opposed to a real hacking, as that would have gotten my vote as the best Linkbait Caper of all time. I apologize if anyone (ShoeMoney, GrayWolf, Stuntdubl, etc.) took my statements personally. It's a real shame that I actually thought it was linkbait - I guess I'm just immune to real news because of all the linkbait out there.